Complex File IDs/URLs

We would like to see more complex file IDs to create more complex, and thus more secure, file URLs.

Currently, if an instructor uploads several files at once in the Files area of a course, the files are assigned sequential numeric identification numbers. These file IDs create file URLs that differ from each other by +/- one or two numbers.

This is an issue when the files uploaded simultaneously are related to exam content or other secure/sensitive materials. We recently had an instructor who uploaded exam instructions and an exam file at the same time. He posted the exam instructions to students in advance of the exam and thought that the exam file would be secure because it was linked in a quiz that was not yet available to students. However, since the file IDs were sequential, students were able to guess their way into the exam file before the time of the exam.

The only way to restrict student access to files is to put date limits on the student availability of the file (or folder). This additional step is not intuitive to instructors, especially when they have taken other measures to protect their files, such as hiding the Files tab from the student navigation menu of a course. This also adds additional work for instructors when they're building their exams, not to mention work for those of us in learning support roles as we try to teach instructors to work around this file security vulnerability.

Non-sequential and/or alphanumeric file IDs (as opposed to just numeric IDs) would make file IDs exponentially more difficult to guess, thus making files more secure.
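
The request above, sketched as an added example (not Canvas code and not part of the original post): files keep sequential internal IDs, but each URL carries a random 128-bit token, and the date limit the post mentions is still checked on the server for every fetch. `FileStore`, `upload`, `fetch`, `upload_exam_pair`, the role names and the token size are all assumptions made for illustration.

```python
import secrets
from datetime import datetime, timezone

TOKEN_BYTES = 16  # assumed size: 128 random bits per public file token


class FileStore:
    """Hypothetical store: sequential internal IDs, opaque public tokens."""

    def __init__(self):
        self._next_id = 1
        self._by_token = {}  # public token -> file record

    def upload(self, name, unlock_at=None):
        # The internal ID stays sequential; it is never placed in a URL.
        record = {"id": self._next_id, "name": name, "unlock_at": unlock_at}
        self._next_id += 1
        # The token comes from the OS CSPRNG, so tokens issued for files
        # uploaded together have no relationship to one another.
        token = secrets.token_urlsafe(TOKEN_BYTES)
        self._by_token[token] = record
        return token

    def fetch(self, token, role, now):
        record = self._by_token.get(token)
        if record is None:
            return None  # unknown token: same answer as "not allowed"
        # An unguessable URL can still be shared, so availability is
        # enforced on every request instead of relying on the token alone.
        locked = record["unlock_at"] is not None and now < record["unlock_at"]
        if role == "student" and locked:
            return None
        return record["name"]


def upload_exam_pair():
    """Constructed scenario from the post: instructions plus exam file."""
    store = FileStore()
    exam_time = datetime(2030, 5, 1, 9, 0, tzinfo=timezone.utc)  # constructed
    instructions = store.upload("exam_instructions.pdf")
    exam = store.upload("exam.pdf", unlock_at=exam_time)
    return store, instructions, exam, exam_time
```
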

4 Comments
ctitmus
Instructure Alumni
Status changed to: Open
 
nuvlg721
Community Participant

This is really important for exam and assignment security.

RobDitto
Community Champion

Rated 5 stars! For a different possible solution, consider this long-running idea which builds on how New Quizzes can already manage image files which "belong" within a quiz, rather than as a course document:

KristinL
Community Team
Status changed to: Archived

Thank you for sharing this idea with the Instructure Community!

The Product Team reviewed all feature proposals recently, and unfortunately, this thread was identified as one that they would not be able to include in their current or future plans. While we appreciate your proposal, we also want to be transparent about the likelihood of something like this making it to production.

Thank you for collaborating, and we hope that you submit another idea in the future!